From 10ffaf0f4f897c7c31b8ffd88ee9d0400bfbbc36 Mon Sep 17 00:00:00 2001 From: Philipp Rintz <13933258+p-rintz@users.noreply.github.com> Date: Fri, 12 Oct 2018 15:54:15 +0200 Subject: [PATCH] Cut down on comments, change directory of users_db I removed some (parts) of comments as requested. Also changed the directory of the users_database.yml. I would add the one/two volume issue into the docker swarm config then. --- config.minimal.yml | 74 ++++------------------------------------------ 1 file changed, 6 insertions(+), 68 deletions(-) diff --git a/config.minimal.yml b/config.minimal.yml index c9de59d2..2771b7d6 100644 --- a/config.minimal.yml +++ b/config.minimal.yml @@ -4,24 +4,16 @@ authentication_backend: file: - # The path to the database file. The file is at the root of the repo. - path: /etc/authelia/volume/users_database.yml + path: /etc/authelia/users_database.yml session: - # The secret to encrypt the session cookies with. secret: unsecure_session_secret - - # The domain to protect. - # Note: Authelia must also be served by that domain. domain: example.com -# Configuration of the storage backend used to store data and secrets. -# i.e 2FA data -# You must use only an available configuration: local, mongo +# Configuration of the storage backend used to store data and secrets. i.e. totp data storage: - # The directory where the DB files will be saved local: - path: /etc/authelia/volume + path: /etc/authelia/storage # TOTP Issuer Name # @@ -34,16 +26,6 @@ totp: # # Authentication methods can be defined per subdomain. # There are currently two available methods: "single_factor" and "two_factor" -# -# Note: by default a domain uses "two_factor" method. -# -# Note: 'per_subdomain_methods' is a dictionary where keys must be subdomains and -# values must be one of the two possible methods. -# -# Note: 'per_subdomain_methods' is optional. -# -# Note: authentication_methods is optional. If it is not set all sub-domains -# are protected by two factors. authentication_methods: default_method: two_factor per_subdomain_methods: @@ -53,38 +35,8 @@ authentication_methods: # # Access control is a set of rules you can use to restrict user access to certain # resources. -# Any (apply to anyone), per-user or per-group rules can be defined. -# -# If 'access_control' is not defined, ACL rules are disabled and the `allow` default -# policy is applied, i.e., access is allowed to anyone. Otherwise restrictions follow -# the rules defined. -# -# Note: One can use the wildcard * to match any subdomain. -# It must stand at the beginning of the pattern. (example: *.mydomain.com) -# -# Note: You must put the pattern in simple quotes when using the wildcard for the YAML -# to be syntaxically correct. -# -# Definition: A `rule` is an object with the following keys: `domain`, `policy` -# and `resources`. -# - `domain` defines which domain or set of domains the rule applies to. -# - `policy` is the policy to apply to resources. It must be either `allow` or `deny`. -# - `resources` is a list of regular expressions that matches a set of resources to -# apply the policy to. -# -# Note: Rules follow an order of priority defined as follows: -# In each category (`any`, `groups`, `users`), the latest rules have the highest -# priority. In other words, it means that if a given resource matches two rules in the -# same category, the latest one overrides the first one. -# Each category has also its own priority. That is, `users` has the highest priority, then -# `groups` and `any` has the lowest priority. It means if two rules in different categories -# match a given resource, the one in the category with the highest priority overrides the -# other one. -# access_control: # Default policy can either be `allow` or `deny`. - # It is the policy applied to any resource if it has not been overriden - # in the `any`, `groups` or `users` category. default_policy: deny groups: admins: @@ -95,8 +47,7 @@ access_control: #- domain: 'mx2.mail.example.com' # policy: deny - # User-based rules. The key is a user name and the value - # is a list of rules. + # User-based rules. users: john: - domain: dev.example.com @@ -117,16 +68,10 @@ access_control: - '^/users/bob/.*$' # Configuration of the authentication regulation mechanism. -# -# This mechanism prevents attackers from brute forcing the first factor. -# It bans the user if too many attempts are done in a short period of -# time. -regulation: - # The number of failed login attempts before user is banned. - # Set it to 0 to disable regulation. +regulation: + # Set it to 0 to disable max_retries. max_retries: 3 - # The time range during which the user can attempt login before being banned. # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. find_time: 120 @@ -135,12 +80,6 @@ regulation: # Default redirection URL # -# If user tries to authenticate without any referer, Authelia -# does not know where to redirect the user to at the end of the -# authentication process. -# This parameter allows you to specify the default redirection -# URL Authelia will use in such a case. -# # Note: this parameter is optional. If not provided, user won't # be redirected upon successful authentication. #default_redirection_url: https://authelia.example.domain @@ -158,7 +97,6 @@ notifier: ## sender: admin@example.com ## service: gmail - # Use a SMTP server for sending notifications # Use a SMTP server for sending notifications smtp: username: test